Fixed #31451 -- Made settings cleansing work with list and tuple settings.

2020-04-11 08:25:23 +07:00 · 2020-04-11 08:25:23 +07:00 · 3e7c39f710
parent d51c50d836
commit 3e7c39f710
2 changed files with 39 additions and 0 deletions
--- a/django/views/debug.py
+++ b/django/views/debug.py
@ -90,6 +90,10 @@ class SafeExceptionReporterFilter:
                cleansed = self.cleansed_substitute
            elif isinstance(value, dict):
                cleansed = {k: self.cleanse_setting(k, v) for k, v in value.items()}
+            elif isinstance(value, list):
+                cleansed = [self.cleanse_setting('', v) for v in value]
+            elif isinstance(value, tuple):
+                cleansed = tuple([self.cleanse_setting('', v) for v in value])
            else:
                cleansed = value
        except TypeError:
--- a/tests/view_tests/tests/test_debug.py
+++ b/tests/view_tests/tests/test_debug.py
@ -1249,6 +1249,41 @@ class ExceptionReporterFilterTests(ExceptionReportTestMixin, LoggingCaptureMixin
            {'login': 'cooper', 'password': reporter_filter.cleansed_substitute},
        )

+    def test_cleanse_setting_recurses_in_list_tuples(self):
+        reporter_filter = SafeExceptionReporterFilter()
+        initial = [
+            {
+                'login': 'cooper',
+                'password': 'secret',
+                'apps': (
+                    {'name': 'app1', 'api_key': 'a06b-c462cffae87a'},
+                    {'name': 'app2', 'api_key': 'a9f4-f152e97ad808'},
+                ),
+                'tokens': ['98b37c57-ec62-4e39', '8690ef7d-8004-4916'],
+            },
+            {'SECRET_KEY': 'c4d77c62-6196-4f17-a06b-c462cffae87a'},
+        ]
+        cleansed = [
+            {
+                'login': 'cooper',
+                'password': reporter_filter.cleansed_substitute,
+                'apps': (
+                    {'name': 'app1', 'api_key': reporter_filter.cleansed_substitute},
+                    {'name': 'app2', 'api_key': reporter_filter.cleansed_substitute},
+                ),
+                'tokens': reporter_filter.cleansed_substitute,
+            },
+            {'SECRET_KEY': reporter_filter.cleansed_substitute},
+        ]
+        self.assertEqual(
+            reporter_filter.cleanse_setting('SETTING_NAME', initial),
+            cleansed,
+        )
+        self.assertEqual(
+            reporter_filter.cleanse_setting('SETTING_NAME', tuple(initial)),
+            tuple(cleansed),
+        )
+
    def test_request_meta_filtering(self):
        request = self.rf.get('/', HTTP_SECRET_HEADER='super_secret')
        reporter_filter = SafeExceptionReporterFilter()